Cybersecurity

Cyber and other transaction agreements

security dashboard (KanawatVector/Shutterstock.com) 

Rapid acquisitions for prototypes and experimental technology will be subject to the Defense Department's unified cybersecurity standard, according to Katie Arrington, DOD's chief information security officer for acquisition.

Arrington said DOD's upcoming implementation of its Cybersecurity Maturity Model Certification will apply to other transaction agreements -- a rapid contract mechanism frequently used to help develop and field prototypes.

"In an OTA, in the technical specs, they can actually call it out and say what they want," said Arrington during an April 29 NextGov webinar on CMMC.

OTAs are meant to speed the government buying process and allow DOD to buy new capabilities faster by allowing officials to sidestep competitive bidding in certain cases. But there's ample worry of potential overuse, which could invite congressional scrutiny.

Arrington's comments come as DOD has begun pushing for the use of OTAs to find and execute on solutions that can help treat or prevent the spread of coronavirus. Ellen Lord, DOD's acquisition chief, issued a memo in early April to ease the OTA process by delegating contracting authorities to heads of agencies and combatant commanders during the pandemic.

For example, the Army issued $100,000 contracts for innovative ventilator solutions that could be deployed in rural settings as part of its xTech COVID-19 Ventilator Challenge. The ongoing contest aims to produce 10,000 ventilators suitable for field operation in eight weeks and uses OTAs.

As for cyber concerns, Arrington said because OTAs operate "outside" the Federal Acquisition Regulation and largely benefit small businesses, which can be the most vulnerable when it comes to cybersecurity, CMMC is even more important.

"That's where we need to ensure that we're putting those levels of CMMC in," she said. "If you're doing some grant work, we do need to make sure the institution or the department or the network that you're doing this work on understands the risk...Everybody's vulnerable."

Featured

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

  • innovation (Sergey Nivens/Shutterstock.com)

    VA embraces procurement challenges at scale

    Steve Kelman applauds the Department of Veterans Affairs' ambitious attempt to move beyond one-off prize-based contests to combat veteran suicides more effectively.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.